Examples with CertSecretSourceBuilder io.strimzi.api.kafka.model.CertSecretSourceBuilder used on opensource projects

Search in sources :

Example 26 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class UtilTest method getHashOk.

@Test
public void getHashOk() {
    String namespace = "ns";
    GenericSecretSource at = new GenericSecretSourceBuilder().withSecretName("top-secret-at").withKey("key").build();
    GenericSecretSource cs = new GenericSecretSourceBuilder().withSecretName("top-secret-cs").withKey("key").build();
    GenericSecretSource rt = new GenericSecretSourceBuilder().withSecretName("top-secret-rt").withKey("key").build();
    KafkaClientAuthentication kcu = new KafkaClientAuthenticationOAuthBuilder().withAccessToken(at).withRefreshToken(rt).withClientSecret(cs).build();
    CertSecretSource css = new CertSecretSourceBuilder().withCertificate("key").withSecretName("css-secret").build();
    Secret secret = new SecretBuilder().withData(Map.of("key", "value")).build();
    SecretOperator secretOps = mock(SecretOperator.class);
    when(secretOps.getAsync(eq(namespace), eq("top-secret-at"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-rt"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-cs"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("css-secret"))).thenReturn(Future.succeededFuture(secret));
    Future<Integer> res = Util.authTlsHash(secretOps, "ns", kcu, singletonList(css));
    res.onComplete(v -> {
        assertThat(v.succeeded(), is(true));
        // we are summing "value" hash four times
        assertThat(v.result(), is("value".hashCode() * 4));
    });
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Test(org.junit.jupiter.api.Test)

Example 27 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaMirrorMaker2Templates method defaultKafkaMirrorMaker2.

private static KafkaMirrorMaker2Builder defaultKafkaMirrorMaker2(KafkaMirrorMaker2 kafkaMirrorMaker2, String name, String kafkaTargetClusterName, String kafkaSourceClusterName, int kafkaMirrorMaker2Replicas, boolean tlsListener, String sourceNs, String targetNs) {
    KafkaMirrorMaker2ClusterSpec targetClusterSpec = new KafkaMirrorMaker2ClusterSpecBuilder().withAlias(kafkaTargetClusterName).withBootstrapServers(targetNs == null ? KafkaResources.plainBootstrapAddress(kafkaTargetClusterName) : KafkaUtils.namespacedPlainBootstrapAddress(kafkaTargetClusterName, targetNs)).addToConfig("config.storage.replication.factor", -1).addToConfig("offset.storage.replication.factor", -1).addToConfig("status.storage.replication.factor", -1).build();
    KafkaMirrorMaker2ClusterSpec sourceClusterSpec = new KafkaMirrorMaker2ClusterSpecBuilder().withAlias(kafkaSourceClusterName).withBootstrapServers(sourceNs == null ? KafkaResources.plainBootstrapAddress(kafkaSourceClusterName) : KafkaUtils.namespacedPlainBootstrapAddress(kafkaSourceClusterName, sourceNs)).build();
    if (tlsListener) {
        targetClusterSpec = new KafkaMirrorMaker2ClusterSpecBuilder(targetClusterSpec).withBootstrapServers(targetNs == null ? KafkaResources.tlsBootstrapAddress(kafkaTargetClusterName) : KafkaUtils.namespacedTlsBootstrapAddress(kafkaTargetClusterName, targetNs)).withNewTls().withTrustedCertificates(new CertSecretSourceBuilder().withSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaTargetClusterName)).withCertificate("ca.crt").build()).endTls().build();
        sourceClusterSpec = new KafkaMirrorMaker2ClusterSpecBuilder(sourceClusterSpec).withBootstrapServers(sourceNs == null ? KafkaResources.tlsBootstrapAddress(kafkaSourceClusterName) : KafkaUtils.namespacedTlsBootstrapAddress(kafkaSourceClusterName, sourceNs)).withNewTls().withTrustedCertificates(new CertSecretSourceBuilder().withSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaSourceClusterName)).withCertificate("ca.crt").build()).endTls().build();
    }
    return new KafkaMirrorMaker2Builder(kafkaMirrorMaker2).withNewMetadata().withName(name).withNamespace(ResourceManager.kubeClient().getNamespace()).withClusterName(kafkaTargetClusterName).endMetadata().editOrNewSpec().withVersion(Environment.ST_KAFKA_VERSION).withReplicas(kafkaMirrorMaker2Replicas).withConnectCluster(kafkaTargetClusterName).withClusters(targetClusterSpec, sourceClusterSpec).editFirstMirror().withSourceCluster(kafkaSourceClusterName).withTargetCluster(kafkaTargetClusterName).endMirror().withNewInlineLogging().addToLoggers("connect.root.logger.level", "DEBUG").endInlineLogging().endSpec();
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec)

Example 28 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class ConnectIsolatedST method testConnectTlsAuthWithWeirdUserName.

@Tag(NODEPORT_SUPPORTED)
@Tag(EXTERNAL_CLIENTS_USED)
@Tag(CONNECTOR_OPERATOR)
@ParallelNamespaceTest
void testConnectTlsAuthWithWeirdUserName(ExtensionContext extensionContext) {
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final String kafkaClientsName = mapWithKafkaClientNames.get(extensionContext.getDisplayName());
    // Create weird named user with . and maximum of 64 chars -> TLS
    final String weirdUserName = "jjglmahyijoambryleyxjjglmahy.ijoambryleyxjjglmahyijoambryleyxasd";
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build(), new GenericKafkaListenerBuilder().withName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME).withPort(9094).withType(KafkaListenerType.NODEPORT).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(false, kafkaClientsName).build());
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(clusterName, weirdUserName).build());
    resourceManager.createResource(extensionContext, KafkaConnectTemplates.kafkaConnect(extensionContext, clusterName, 1).editMetadata().addToAnnotations(Annotations.STRIMZI_IO_USE_CONNECTOR_RESOURCES, "true").endMetadata().editSpec().addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withNewTls().withTrustedCertificates(new CertSecretSourceBuilder().withCertificate("ca.crt").withSecretName(KafkaResources.clusterCaCertificateSecretName(clusterName)).build()).endTls().withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(weirdUserName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().withBootstrapServers(KafkaResources.tlsBootstrapAddress(clusterName)).endSpec().build());
    testConnectAuthorizationWithWeirdUserName(extensionContext, clusterName, weirdUserName, SecurityProtocol.SSL, topicName);
}
Also used : KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Matchers.containsString(org.hamcrest.Matchers.containsString) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest) Tag(org.junit.jupiter.api.Tag)

Example 29 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class ConnectIsolatedST method testConnectScramShaAuthWithWeirdUserName.

@Tag(NODEPORT_SUPPORTED)
@Tag(EXTERNAL_CLIENTS_USED)
@Tag(CONNECTOR_OPERATOR)
@ParallelNamespaceTest
void testConnectScramShaAuthWithWeirdUserName(ExtensionContext extensionContext) {
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final String kafkaClientsName = mapWithKafkaClientNames.get(extensionContext.getDisplayName());
    // Create weird named user with . and more than 64 chars -> SCRAM-SHA
    final String weirdUserName = "jjglmahyijoambryleyxjjglmahy.ijoambryleyxjjglmahyijoambryleyxasdsadasdasdasdasdgasgadfasdad";
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationScramSha512()).build(), new GenericKafkaListenerBuilder().withName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME).withPort(9094).withType(KafkaListenerType.NODEPORT).withTls(true).withAuth(new KafkaListenerAuthenticationScramSha512()).build()).endKafka().endSpec().build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(false, kafkaClientsName).build());
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaUserTemplates.scramShaUser(clusterName, weirdUserName).build());
    resourceManager.createResource(extensionContext, KafkaConnectTemplates.kafkaConnect(extensionContext, clusterName, 1).editMetadata().addToAnnotations(Annotations.STRIMZI_IO_USE_CONNECTOR_RESOURCES, "true").endMetadata().editOrNewSpec().withBootstrapServers(KafkaResources.tlsBootstrapAddress(clusterName)).withNewKafkaClientAuthenticationScramSha512().withUsername(weirdUserName).withPasswordSecret(new PasswordSecretSourceBuilder().withSecretName(weirdUserName).withPassword("password").build()).endKafkaClientAuthenticationScramSha512().addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withNewTls().withTrustedCertificates(new CertSecretSourceBuilder().withCertificate("ca.crt").withSecretName(KafkaResources.clusterCaCertificateSecretName(clusterName)).build()).endTls().endSpec().build());
    testConnectAuthorizationWithWeirdUserName(extensionContext, clusterName, weirdUserName, SecurityProtocol.SASL_SSL, topicName);
}
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Matchers.containsString(org.hamcrest.Matchers.containsString) PasswordSecretSourceBuilder(io.strimzi.api.kafka.model.PasswordSecretSourceBuilder) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest) Tag(org.junit.jupiter.api.Tag)

Example 30 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class OauthAuthorizationIsolatedST method testKeycloakAuthorizerToDelegateToSimpleAuthorizer.

@ParallelNamespaceTest
@Order(10)
void testKeycloakAuthorizerToDelegateToSimpleAuthorizer(ExtensionContext extensionContext) {
    TestStorage testStorage = new TestStorage(extensionContext);
    // we have to create keycloak, team-a-client and team-b-client secret from `infra-namespace` to the new namespace
    resourceManager.createResource(extensionContext, kubeClient().getSecret(INFRA_NAMESPACE, KeycloakInstance.KEYCLOAK_SECRET_NAME));
    resourceManager.createResource(extensionContext, kubeClient().getSecret(INFRA_NAMESPACE, TEAM_A_CLIENT_SECRET));
    resourceManager.createResource(extensionContext, kubeClient().getSecret(INFRA_NAMESPACE, TEAM_B_CLIENT_SECRET));
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(testStorage.getClusterName(), 1, 1).editSpec().editKafka().withListeners(OauthAbstractST.BUILD_OAUTH_TLS_LISTENER.apply(keycloakInstance)).withNewKafkaAuthorizationKeycloak().withClientId(KAFKA_CLIENT_ID).withDisableTlsHostnameVerification(true).withDelegateToKafkaAcls(true).withTlsTrustedCertificates(new CertSecretSourceBuilder().withSecretName(KeycloakInstance.KEYCLOAK_SECRET_NAME).withCertificate(KeycloakInstance.KEYCLOAK_SECRET_CERT).build()).withTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).endKafkaAuthorizationKeycloak().endKafka().endSpec().build());
    resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(testStorage.getNamespaceName(), testStorage.getClusterName(), TEAM_A_CLIENT).build());
    resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(testStorage.getNamespaceName(), testStorage.getClusterName(), TEAM_B_CLIENT).build());
    final String teamAProducerName = TEAM_A_PRODUCER_NAME + "-" + testStorage.getClusterName();
    final String teamAConsumerName = TEAM_A_CONSUMER_NAME + "-" + testStorage.getClusterName();
    final String topicName = TOPIC_A + "-" + testStorage.getTopicName();
    final String consumerGroup = "a-consumer_group-" + testStorage.getConsumerName();
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(testStorage.getClusterName(), topicName, testStorage.getNamespaceName()).build());
    KafkaOauthClients teamAOauthClientJob = new KafkaOauthClientsBuilder().withNamespaceName(testStorage.getNamespaceName()).withProducerName(teamAProducerName).withConsumerName(teamAConsumerName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(testStorage.getClusterName())).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withConsumerGroup(consumerGroup).withOauthClientId(TEAM_A_CLIENT).withOauthClientSecret(TEAM_A_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
    resourceManager.createResource(extensionContext, teamAOauthClientJob.producerStrimziOauthTls(testStorage.getClusterName()));
    ClientUtils.waitForClientSuccess(teamAProducerName, testStorage.getNamespaceName(), MESSAGE_COUNT);
    resourceManager.createResource(extensionContext, teamAOauthClientJob.consumerStrimziOauthTls(testStorage.getClusterName()));
    ClientUtils.waitForClientSuccess(teamAConsumerName, testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used : CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder) TestStorage(io.strimzi.systemtest.storage.TestStorage) KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients) Order(org.junit.jupiter.api.Order) TestMethodOrder(org.junit.jupiter.api.TestMethodOrder) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)

Aggregations

CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)86 ParallelTest (io.strimzi.test.annotations.ParallelTest)64 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)52 Container (io.fabric8.kubernetes.api.model.Container)50 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)30 KafkaClientAuthenticationTlsBuilder (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)28 HashMap (java.util.HashMap)20 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)18 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)18 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)18 LocalObjectReference (io.fabric8.kubernetes.api.model.LocalObjectReference)18 OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference)18 PodSecurityContextBuilder (io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)18 Quantity (io.fabric8.kubernetes.api.model.Quantity)18 ResourceRequirementsBuilder (io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)18 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)18 PodDisruptionBudget (io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)18 ContainerEnvVar (io.strimzi.api.kafka.model.ContainerEnvVar)18 ContainerTemplate (io.strimzi.api.kafka.model.template.ContainerTemplate)18 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)18
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial